Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    89354c61f98c4a731d17d32fd07d7016a456beef033ad9779b9c473956afe078

  • Size

    1.9MB

  • Sample

    230107-1nwzbaac2t

  • MD5

    94d284921c475aeb29f5283187f34873

  • SHA1

    81ba2b442f1ba31c35574b08aca23907d019ee07

  • SHA256

    89354c61f98c4a731d17d32fd07d7016a456beef033ad9779b9c473956afe078

  • SHA512

    e442e1ce7948c1fd4f4bda5adb7fb685a80064b2d5de9e918d126e729660dae19120662fae9666238d7178b8c0a6b2cab1754b69ae9f45c5d3d86981b5d570fe

  • SSDEEP

    24576:RKWxGUbgfPFc3HF4gM62GAAHxnrro76ThPqC7TZac1zYg4Lo9:iARnHlpJ3f

Score
10/10
asyncratvenom clientsmicrosoftevasionpersistencephishingrattrojan

Malware Config

Extracted

Family

asyncrat

Version

VenomRAT+HVNC+Stealer Version:5.0.9

Botnet

Venom Clients

C2

127.0.0.1:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      89354c61f98c4a731d17d32fd07d7016a456beef033ad9779b9c473956afe078

    • Size

      1.9MB

    • MD5

      94d284921c475aeb29f5283187f34873

    • SHA1

      81ba2b442f1ba31c35574b08aca23907d019ee07

    • SHA256

      89354c61f98c4a731d17d32fd07d7016a456beef033ad9779b9c473956afe078

    • SHA512

      e442e1ce7948c1fd4f4bda5adb7fb685a80064b2d5de9e918d126e729660dae19120662fae9666238d7178b8c0a6b2cab1754b69ae9f45c5d3d86981b5d570fe

    • SSDEEP

      24576:RKWxGUbgfPFc3HF4gM62GAAHxnrro76ThPqC7TZac1zYg4Lo9:iARnHlpJ3f

    Score
    10/10
    asyncratvenom clientsmicrosoftevasionpersistencephishingrattrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Async RAT payload

      rat

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks